477 matches found
directnic.com XSS vulnerability
Vulnerable URL: https://directnic.com/search?query=0'"...
kostroma.mts.ru XSS vulnerability
Vulnerable URL: http://www.kostroma.mts.ru/search/?text=confirm/XSSPOSED/...
bioengineering.manchester.ac.uk XSS vulnerability
Vulnerable URL: http://www.bioengineering.manchester.ac.uk/about-us/search/?q=glubz%22%3E%3Cimg+src%3Dx+onerror%3Dwindow.onerror%3Dalert%3Bthrow%2Fxssposed%2F%3B%2F%2F%3E%3C=EPSBioengineering=Search
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability...
aitika.ru XSS vulnerability
Vulnerable URL: http://aitika.ru/search/?s=x"
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 587170
Google Pagerank | 1
VIP website status: | No
Check aitika.ru SSL connection: | Grad...
autosphere.fr XSS vulnerability
Vulnerable URL: http://www.autosphere.fr/recherche?chaine=
Details:

Description | Value
---|---
Patched: | Yes, at 04.01.2016
Latest check for patch: | 04.01.2016 14:44 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 84231
Google Pagerank | 2
VIP website status: | No...
Metinfo 5.2 /search/search.php SQL injection
Vulnerable file: /search/search.php else $module=intval$module; if$class1$module=0; ifintval$module $serchsql.=" where lang='$lang' and recycle='0' or recycle='-1' and displaytype='1' "; else $class1info=$classlist$class1; if!$class1infookinfo'../',$pagelangnoid; $class1sql=" class1='$class1' "; $class2sql="...
lifeproof.ie XSS vulnerability
Vulnerable URL: https://www.lifeproof.ie/en-ie/search?q=--...
rackroomshoes.com XSS vulnerability
Vulnerable URL: http://www.rackroomshoes.com/search.html?q=as"...
ncpublicschools.org XSS vulnerability
Vulnerable URL: http://www.ncpublicschools.org/search/?program=program=department=007953340131544038496:b3cb1hux6m4=FORID:11=UTF-8="=0=0=www.dpi.state.nc.us/=www.google.co.uk=323j86225j3
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS...
otterbox.com XSS vulnerability
Vulnerable URL: http://www.otterbox.com/en-uk/search?q=--!"...
santeplusmag.com XSS vulnerability
Vulnerable URL: http://www.santeplusmag.com/?s="...
tamaris.de XSS vulnerability
Vulnerable URL: http://www.tamaris.de/on/demandware.store/Sites-DE-Site/deDE/Search-Show?q=...
sibtourport.ru XSS vulnerability
Vulnerable URL: http://www.sibtourport.ru/search/node/--...
popsugar.co.uk XSS vulnerability
Vulnerable URL: http://www.popsugar.co.uk/search?s=x"...
morningjournal.com XSS vulnerability
Open Bug Bounty ID: OBB-82595

Description | Value
---|---
Affected Website: | morningjournal.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...
marokko.nl XSS vulnerability
Vulnerable URL: http://marokko.nl/geentaboes/zoeken.php?q="
Details:

Description | Value
---|---
Patched: | Yes, at 22.11.2017
Latest check for patch: | 22.11.2017 14:14 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 89686
Google Pagerank | 4
VIP website status: | N...
kb.enoi.se XSS vulnerability
Vulnerable URL: http://kb.enoi.se/?s=...
timbuk2.com XSS vulnerability
Vulnerable URL: http://www.timbuk2.com/search?cgid=root...
bdlive.co.za XSS vulnerability
Vulnerable URL: http://www.bdlive.co.za/search/asd"...
NewStatPress <= 1.0.4 - SQL Injection
The Search functionality is susceptible to a SQL injection attack because user input is used without sanitization, in particular at line 98 of 'includes/nspsearch.php'. Using a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. PoC The...